Dual Multipath DSL Script Problem!

Linux Advanced Routing and Traffic Control


 



Hello!
 
I had found a script to multipath DSL connections:
 
 
I have made some modifications, but there are some errors, shown in the second part of this mail:
 
__________________________________________________________________
 
First the script:
__________________________________________________________________
 
#!/bin/bash
 

# iptables userspace executable
iptables="/usr/local/sbin/iptables"
 
# Internal Interface
NET_INT_INT=eth0
 
# Internal IP
NET_INT_IP=192.168.20.1
 
# Internal Subnet
NET_INT_SUB=24
 
# Internal Network
NET_INT_NET=192.168.20.0
 
# First external interface
NET_EXT_INT1=eth1
 
# First external IP
NET_EXT_IP1=192.168.21.1
 
# First external interface's gateway
NET_EXT_GW1=192.168.21.2
 
# Second external interface
NET_EXT_INT1=eth2
 
# Second external IP
NET_EXT_IP1=192.168.22.1
 
# Second external interface's gateway
NET_EXT_GW1=192.168.22.2
 
echo "Flushing All Tables"
iptables -F
iptables -F -t nat
iptables -F -t mangle
iptables -X -t nat
iptables -X -t mangle
iptables -X
 
echo "Mangle eth1"
iptables -t mangle -N eth1
iptables -t mangle -F eth1
iptables -t mangle -A eth1 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH1 "
iptables -t mangle -A eth1 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH1 "
iptables -t mangle -A eth1 -j MARK --set-mark 1
 
echo "Mangle eth2"
iptables -t mangle -N eth2
iptables -t mangle -F eth2
iptables -t mangle -A eth2 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH2 "
iptables -t mangle -A eth2 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH2 "
iptables -t mangle -A eth2 -j MARK --set-mark 2
 
echo "NAT"
iptables -t nat -N SPOOF_ETH1
iptables -t nat -F SPOOF_ETH1
iptables -t nat -A SPOOF_ETH1 -j LOG --log-prefix " SPOOF_ETH1 "
iptables -t nat -A SPOOF_ETH1 -j SNAT --to-source $NET_EXT_IP1
 
iptables -t nat -N SPOOF_ETH2
iptables -t nat -F SPOOF_ETH2
iptables -t nat -A SPOOF_ETH2 -j LOG --log-prefix " SPOOF_ETH2 "
iptables -t nat -A SPOOF_ETH2 -j SNAT --to-source $NET_EXT_IP2
 
echo "Setting some local network rules..."
iptables -A INPUT -p icmp -s $NET_INT_NET/$NET_INT_SUB -d $NET_INT_IP -j ACCEPT
 
echo "Setting Mangle rules for eth1..."
iptables -t mangle -A OUTPUT -o ! $NET_INT_INT -m random --average 50 -j eth1
iptables -t mangle -A PREROUTING -i $NET_INT_INT -m random --average 50 -j eth1
ip ro add default via $NET_EXT_GW1 dev $NET_EXT_INT1 table 10
ip ru add fwmark 1 table 10
ip ro fl ca
 
echo "Setting Mangle rules for eth2..."
iptables -t mangle -A OUTPUT -o ! $NET_INT_INT -m random --average 50 -j eth2
iptables -t mangle -A PREROUTING -i $NET_INT_INT -m random --average 50 -j eth2
ip ro add default via $NET_EXT_GW2 dev $NET_EXT_INT2 table 20
ip ru add fwmark 2 table 20
ip ro fl ca
 
echo "Setting up spoofing rules..."
iptables -t nat -A POSTROUTING -o $NET_EXT_INT1 -j SPOOF_ETH1
iptables -t nat -A POSTROUTING -o $NET_EXT_INT2 -j SPOOF_ETH2
 
echo "Adding default route..."
ip ro add default nexthop via $NET_EXT_GW1 dev $NET_EXT_INT1 weight 1 nexthop via $NET_EXT_GW2 dev $NET_EXT_INT2 weight 1
 
echo "Disabling Reverse Path Filtering..."
echo 0> /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0> /proc/sys/net/ipv4/conf/eth2/rp_filter
 
echo "Enabling IPv4 Packet forwarding..."
echo "1"> /proc/sys/net/ipv4/ip_forward
 
__________________________________________________________________
 
Second the errors:
__________________________________________________________________
 
debian:~/script# sh natfilter

Flushing All Tables

Mangle eth1

Mangle eth2

NAT
iptables v1.2.6a: Unknown arg `--to-source'
Try `iptables -h' or 'iptables --help' for more information.

Setting some local network rules...

Setting Mangle rules for eth1...

Setting Mangle rules for eth2...
Error: an inet address is expected rather than "dev".

Setting up spoofing rules...
Warning: weird character in interface `-j' (No aliases, :, ! or *).
Bad argument `SPOOF_ETH2'
Try `iptables -h' or 'iptables --help' for more information.

Adding default route...
Error: an IP address is expected rather than "dev"

Disabling Reverse Path Filtering...


Enabling IPv4 Packet forwarding...
 
__________________________________________________________________
 
Thank you very much!
 
Direct contact: fte112 (at) gmx.de
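
The posted script assigns NET_EXT_INT1, NET_EXT_IP1 and NET_EXT_GW1 twice and never assigns the NET_EXT_INT2, NET_EXT_IP2 and NET_EXT_GW2 names that its rules reference, so those expand to nothing, which matches the errors shown. The following is an added example, not part of the original post: a pre-flight check that lists such names before any firewall rule is touched. The function names `sample_script`, `lint_vars` and `preflight` are hypothetical, and the sample input is an excerpt constructed from the script above.

```shell
# Added example: pre-flight lint for a firewall script (not from the original post).
# Constructed sample: variable block and a few rules excerpted from the posted script.
sample_script() {
cat <<'EOF'
NET_EXT_INT1=eth1
NET_EXT_IP1=192.168.21.1
NET_EXT_GW1=192.168.21.2
NET_EXT_INT1=eth2
NET_EXT_IP1=192.168.22.1
NET_EXT_GW1=192.168.22.2
iptables -t nat -A SPOOF_ETH2 -j SNAT --to-source $NET_EXT_IP2
ip ro add default via $NET_EXT_GW2 dev $NET_EXT_INT2 table 20
iptables -t nat -A POSTROUTING -o $NET_EXT_INT1 -j SPOOF_ETH1
iptables -t nat -A POSTROUTING -o $NET_EXT_INT2 -j SPOOF_ETH2
EOF
}

# lint_vars: read a script on stdin; print "unset NAME" for names referenced as
# $NAME or ${NAME} but never assigned, and "dup NAME" for names assigned twice.
lint_vars() {
  awk '
    /^[ \t]*#/ { next }
    {
      line = $0
      if (match(line, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/)) {
        name = substr(line, RSTART, RLENGTH - 1)
        gsub(/[ \t]/, "", name)
        assigned[name]++
      }
      while (match(line, /[$][{]?[A-Za-z_][A-Za-z0-9_]*/)) {
        ref = substr(line, RSTART, RLENGTH)
        gsub(/[${]/, "", ref)
        used[ref] = 1
        line = substr(line, RSTART + RLENGTH)
      }
    }
    END {
      for (n in used) if (!(n in assigned)) print "unset " n
      for (n in assigned) if (assigned[n] > 1) print "dup " n
    }
  ' | LC_ALL=C sort
}

# preflight: non-zero status on any finding, so a caller can stop before flushing.
preflight() {
  findings=$(lint_vars)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings" >&2
  return 1
}
```

Running the check before the flush lines matters here: in the posted run every table had already been flushed by the time the first error appeared.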
